PE_KAZE.2056.A

Malware type: File Infector

Aliases: Virus.Win32.Kaze.2056 (Kaspersky), W32/Zikam (McAfee), W32.Kaze (Symantec), W32/Kaze.2056 (Avira), W32/Ezaki-A (Sophos), Virus:Win32/Ezaki.A (Microsoft)

In the wild: No

Destructive: Yes

Language: English

Platform: Windows

Encrypted: No

Overall risk rating:

Description: 
This is a direct-infector Windows PE (Portable Executable) virus that infects all executable (EXE) files in the current directory. It has a destructive payload that overwrites all EXE files on the C:\ drive with the text KAMIKAZE on the 22nd of every month.

Description created: Mar. 23, 2002 12:51:14 PM GMT -0800
Description updated: Mar. 29, 2002 12:03:50 PM GMT -0800


TECHNICAL DETAILS


Size of malware: 2,056 Bytes

Initial samples received on: Mar 23, 2002

Payload 1: Modifies Files (overwrites files with the string "KAMIKAZE")

Trigger date 1: 22

Trigger condition 1: Upon execution

Details:

Upon execution, this virus searches for all Windows PE (Portable Executable) files in the current directory and infects them by adding its own code at the end of the target file. To avoid re-infecting previously infected files, the virus always checks for the marker "BA", which it inserts during infection, at offset 24h relative to the start of the file.

This virus has a dangerous payload. On the 22nd of every month, it overwrites all EXE files on the C:\ drive with the text "KAMIKAZE". The file size of the overwritten files stays the same.
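The two artifacts described above (the infection marker at offset 24h and EXE files overwritten with the payload text) can be checked for during triage. The following is an added example, not part of the original description or any vendor tool. It assumes the marker is the two ASCII characters "BA" and that the payload text begins at offset 0 of an overwritten file; the sample files are constructed and contain no virus code.

```python
import os
import tempfile

MARKER_OFFSET = 0x24        # offset 24h from the start of the file (from the description)
MARKER = b"BA"              # assumption: the marker is the two ASCII characters "BA"
PAYLOAD_TEXT = b"KAMIKAZE"  # text written over EXE files on the 22nd

def classify(path):
    """Return 'overwritten', 'marker-present', 'clean-pe' or 'not-pe' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)  # the DOS header is 64 bytes long
        # Assumption: the payload text starts at offset 0 of an overwritten file.
        if head.startswith(PAYLOAD_TEXT):
            return "overwritten"
        if len(head) < 0x40 or head[:2] != b"MZ":
            return "not-pe"
        fh.seek(int.from_bytes(head[0x3C:0x40], "little"))  # e_lfanew -> PE header
        if fh.read(4) != b"PE\0\0":
            return "not-pe"
    if head[MARKER_OFFSET:MARKER_OFFSET + len(MARKER)] == MARKER:
        return "marker-present"
    return "clean-pe"

def scan_directory(directory):
    """Classify every .exe file in a single directory (no recursion)."""
    results = {}
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if name.lower().endswith(".exe") and os.path.isfile(full):
            results[name] = classify(full)
    return results

def build_samples(directory):
    """Write constructed, inert sample files so the scan can be run offline."""
    def stub(marker=b"\0\0"):
        hdr = bytearray(0x40)
        hdr[0:2] = b"MZ"
        hdr[MARKER_OFFSET:MARKER_OFFSET + 2] = marker
        hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
        return bytes(hdr) + b"PE\0\0" + bytes(20)
    samples = {"clean.exe": stub(), "marked.exe": stub(MARKER),
               "wiped.exe": PAYLOAD_TEXT * 8, "notes.exe": b"plain text, not a PE"}
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        print(scan_directory(tmp))
```

Offset 24h falls inside the DOS header's e_oemid field, which is normally zero but is not reserved, so a "marker-present" result is an indicator to confirm with an antivirus scan rather than proof of infection.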